azure
25 Topics

Vulnerabilities in security configuration on your Windows machines should be remediated
Is there any way to exempt just one of the items under this recommendation? I want to exempt "Replace a process level token". It keeps coming back as not remediated because I have the AppPool in the rule, which it says is acceptable. I want this to be green in my secure score. Thanks

Azure Security Centre - Qualys not free
Does anyone know why the Qualys agent add-on seems not to be free? When I go into Security Centre recommendations, the suggestion is to install Qualys so I can undertake vulnerability assessments. However, the page then takes me to the Qualys portal, where I can only get a free 30-day trial. My Security Center is Standard Tier. Thanks for any advice.

Question regarding manual (or delayed automatic) onboarding of VMs to Microsoft Defender for Cloud
Hello, I have a use case scenario where my infrastructure, consisting of both Linux and Windows Virtual Machines, is deployed via an Azure DevOps Pipeline to an Azure Subscription which has Microsoft Defender for Cloud enabled with advanced security features. I'd like my Infrastructure Build Pipeline tasks to finish before letting Microsoft Defender for Cloud do its magic with enabling Microsoft Defender for Endpoint features (mainly enabling the EDR solution on endpoints), in order to prevent any possible conflicts between these two actions. So here's my question - is it possible to manually onboard Virtual Machines, or to delay the automatic onboarding to Microsoft Defender for Cloud?

Log Analytics workspace
Hello, can anyone help me understand the workspace used for Defender for Cloud? How do I identify which workspace Defender for Cloud is connected to? The older version of Defender for Cloud clearly mentioned the name of the workspace it is connected to; the latest version just displays it as "Default Workspace", not the actual name of the workspace, and there are multiple "Default workspaces" in a subscription/tenant. Thanks in Adv.
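One way to get past the "Default workspace" label is to read the workspace resource ID rather than the display name: the ID carries the subscription, resource group and real workspace name, and Defender for Cloud's auto-created workspaces follow the pattern DefaultWorkspace-<subscription-id>-<geo> in DefaultResourceGroup-<geo>, which is why several of them look identical in the portal. The script below is an added example, not code from the poster or from Microsoft. It assumes the Azure CLI commands az security workspace-setting list and az monitor log-analytics workspace list and their workspaceId / id output fields as they exist in the current CLI; the resource IDs printed by --demo are constructed sample data so the parsing can be exercised offline.

```shell
#!/usr/bin/env sh
# Added example: resolve the Log Analytics workspace behind Defender for Cloud's
# "Default workspace" label by parsing the workspace *resource ID*.
#   sh which-workspace.sh --demo   # constructed sample IDs, runs offline
#   sh which-workspace.sh --live   # queries the current subscription with az
set -eu

# Split an ARM workspace resource ID into its parts. Pure parameter expansion,
# so it works on IDs from any az command, including lowercased ones.
# Prints: <subscription-id> <resource-group> <workspace-name>
parse_workspace_id() {
  id=$1
  sub=${id#*/subscriptions/}; sub=${sub%%/*}
  case $id in
    */resourceGroups/*) rg=${id#*/resourceGroups/} ;;
    *)                  rg=${id#*/resourcegroups/} ;;
  esac
  rg=${rg%%/*}
  ws=${id##*/workspaces/}
  printf '%s %s %s\n' "$sub" "$rg" "$ws"
}

# Auto-created Defender for Cloud workspaces are named
# DefaultWorkspace-<subscription-id>-<geo>; anything else is customer-chosen.
is_default_workspace() {
  case $1 in
    [Dd]efault[Ww]orkspace-*) return 0 ;;
    *) return 1 ;;
  esac
}

# Read one workspace resource ID per line on stdin and print a labelled row.
report() {
  while IFS= read -r id; do
    [ -n "$id" ] || continue
    set -- $(parse_workspace_id "$id")
    label=custom
    is_default_workspace "$3" && label=auto-default
    printf '%-12s sub=%s rg=%s workspace=%s\n' "$label" "$1" "$2" "$3"
  done
}

# Constructed sample IDs (not real resources) standing in for the
# `--query "[].workspaceId" -o tsv` output of az security workspace-setting list.
SAMPLE_IDS='/subscriptions/00000000-0000-0000-0000-000000000001/resourcegroups/defaultresourcegroup-weu/providers/microsoft.operationalinsights/workspaces/defaultworkspace-00000000-0000-0000-0000-000000000001-weu
/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-security/providers/Microsoft.OperationalInsights/workspaces/law-soc-prod'

case "${1:-}" in
  --demo)
    printf '%s\n' "$SAMPLE_IDS" | report ;;
  --live)
    # Workspace Defender for Cloud is configured to use for this subscription.
    az security workspace-setting list --query "[].workspaceId" -o tsv | report
    # Every auto-created default workspace in the subscription, for comparison.
    az monitor log-analytics workspace list \
      --query "[?starts_with(name,'DefaultWorkspace')].id" -o tsv | report ;;
esac
```

Run with --live in each subscription you care about; the resource group and the geo suffix in the workspace name tell the "Default workspaces" apart even when the portal shows the same label for all of them.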
Azure Security Center - Security offering for Azure Kubernetes Service is now generally available

We are very excited to share with you that the Azure Security Center offering for Azure Kubernetes Service is generally available! The popular, open source platform Kubernetes has been adopted so widely that it’s now an industry standard for container orchestration. Despite this widespread implementation, there’s still a lack of understanding regarding how to secure a Kubernetes environment. Defending the attack surfaces of a containerized application requires expertise to ensure the infrastructure is configured securely and constantly monitored for potential threats. With this native solution, Azure Security Center is expanding its container security features to protect Azure Kubernetes Service (AKS), providing an experience that blends into the Security Center cloud security suite and answers customer demand in the rapidly growing Container Security space. This is an important milestone on the journey towards providing Azure customers with a single pane of glass for CWP workloads.

The new capabilities include:

Discovery and visibility - Continuous discovery of managed AKS instances within the subscriptions registered to Security Center.

Security recommendations - Actionable recommendations to help you comply with security best practices for AKS. These recommendations are included in your secure score to ensure they’re viewed as a part of your organization’s security posture. An example of an AKS-related recommendation you might see is "Role-based access control should be used to restrict access to a Kubernetes service cluster".

Threat protection - Through continuous analysis of your AKS deployment, Security Center alerts you to threats and malicious activity detected at the host and AKS cluster levels.

Additional information can be found here:

Container security in Security Center
Azure Kubernetes Services integration with Security Center
Monitoring the security of your containers

New Blog Post | Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method
Full blog post: Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Community Hub

Microsoft Defender for DevOps shows the security posture of pre-production application code and resource configurations. Security teams can use the service to enable security checks for their templates and container images designed to minimize the chance that cloud misconfigurations reach production environments. Leveraging [insights] within Microsoft Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows. Defender for DevOps uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub, Azure DevOps and more to come. With an intent to help Security admins and developers, Azure DevOps provides two ways of configuration today. In this article we want to walk you through the configuration of Azure DevOps pipelines via the classic UI and YAML.

Original post: New Blog Post | Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Community Hub

New Blog | Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0
We are thrilled to announce that Microsoft Defender Cloud, in collaboration with the Center for Internet Security (CIS), now supports the latest CIS Azure Security Foundations Benchmark - version 2.0.0. This release also includes the new corresponding built-in policy initiative in the Azure Policy blade.

Read the full update here: Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0

New Blog Post | ASC to find machines affected OMI vulnerabilities in Azure VM Management Extension
Using ASC to find machines affected by OMI vulnerabilities in Azure VM Management Extensions - Microsoft Tech Community

Two weeks ago, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively. OMI is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. Several Azure Virtual Machine (VM) management extensions use this framework to orchestrate configuration management and log collection on Linux VMs. The remote code execution vulnerability, CVE-2021-38647, only impacts customers using a Linux management solution (on-premises SCOM or Azure Automation State Configuration or Azure Desired State Configuration extension) that enables remote OMI management.

Original Post: New Blog Post | ASC to find machines affected OMI vulnerabilities in Azure VM Management Extension - Microsoft Tech Community
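The post above finds affected machines from the Security Center side; the complementary host-side check is to ask each Linux VM two things: is the installed OMI package at or above the fixed release, and is omiserver actually listening on the network, since only then is the unauthenticated RCE reachable remotely while the three EoP bugs still matter locally. The script below is an added example, not code from the post or from Microsoft. It assumes the fixed release is 1.6.8-1 (the version Microsoft published with the fixes; the teaser above does not quote it), that the package is named omi in dpkg or rpm, and that remote management exposes omiserver on TCP 5985/5986; the verdict function is pure so it can be tested without OMI installed.

```shell
#!/usr/bin/env sh
# Added example (not from the original post): triage one Linux VM for the
# September 2021 OMI fixes (CVE-2021-38645/-38648/-38649 EoP, CVE-2021-38647 RCE).
#   sh omi-check.sh check
OMI_FIXED_VERSION="1.6.8-1"   # assumption: fixed release per Microsoft's advisory

# Version of the installed omi package from dpkg or rpm; fails if not installed.
installed_omi_version() {
  if command -v dpkg-query >/dev/null 2>&1; then
    v=$(dpkg-query -W -f='${Version}' omi 2>/dev/null) && { printf '%s\n' "$v"; return 0; }
  fi
  if command -v rpm >/dev/null 2>&1; then
    v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' omi 2>/dev/null) && { printf '%s\n' "$v"; return 0; }
  fi
  return 1
}

# 0 when version $1 >= $2. Both "1.6.8-1" (rpm style) and "1.6.8.1" (deb style)
# appear in the wild, so '-' is normalised to '.' before a version sort.
version_at_least() {
  a=$(printf '%s' "$1" | tr '-' '.')
  b=$(printf '%s' "$2" | tr '-' '.')
  [ "$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)" = "$b" ]
}

omi_is_fixed() { version_at_least "$1" "$OMI_FIXED_VERSION"; }

# Listening sockets on the OMI remote-management ports (assumption: 5985/5986).
omi_remote_listeners() {
  ss -ltn 2>/dev/null | awk '$4 ~ /:(5985|5986)$/'
}

# Verdict for a host. $1 = installed version ("" if absent),
# $2 = "yes" if omiserver has a network listener, anything else otherwise.
classify() {
  if [ -z "$1" ]; then
    echo NOT-INSTALLED
  elif omi_is_fixed "$1"; then
    echo PATCHED
  elif [ "$2" = yes ]; then
    echo VULNERABLE-REMOTE-RCE   # CVE-2021-38647 reachable over the network
  else
    echo VULNERABLE-LOCAL-EOP    # only the local EoP bugs apply; still patch
  fi
}

report() {
  ver=$(installed_omi_version || true)
  listening=no
  [ -n "$(omi_remote_listeners)" ] && listening=yes
  printf 'omi version:     %s\n' "${ver:-none}"
  printf 'remote listener: %s\n' "$listening"
  printf 'verdict:         %s\n' "$(classify "$ver" "$listening")"
}

case "${1:-}" in check) report ;; esac
```

A VULNERABLE-REMOTE-RCE verdict is the one to chase first; machines that report VULNERABLE-LOCAL-EOP still need the updated OMI package, because the extensions that bundle it run as root.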
ASC | New blog on Fileless Attack Detection for Linux Preview is expanding

The Azure Security Center team is excited to share that the Fileless Attack Detection for Linux Preview, which we announced earlier this year, is expanding to include all Azure VMs and non-Azure machines enrolled in the Azure Security Center Standard and Standard Trial pricing tiers. This solution periodically scans your machine and extracts insights directly from the memory of processes. For more details, please continue on the blog here.